Chunk compression in a deduplication aware client environment

ABSTRACT

Techniques and mechanisms described herein facilitate the transmission of a data stream to a networked storage system. According to various embodiments, a data stream may be parsed to identify one or more uncompressed data chunks for transmission to a networked storage system. Each uncompressed data chunk may be compressed to produce a respective compressed data chunk. Each compressed data chunk may be transmitted to the networked storage system via a network for storage at the networked storage system.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Continuation of U.S. patent application Ser. No.14/453,165, filed Aug. 6, 2014, titled CHUNK COMPRESSION IN ADEDUPLICATION AWARE CLIENT ENVIRONMENT, which is incorporated herein byreference in its entirety.

TECHNICAL FIELD

The present disclosure relates generally to data storage, and morespecifically to the operation of client devices in communication withnetwork-accessible or network-attached storage systems.

DESCRIPTION OF RELATED ART

Data is often stored in storage systems that are accessed via a network.Network-accessible storage systems allow potentially many differentclient devices to share the same set of storage resources. Anetwork-accessible storage system can perform various operations thatrender storage more convenient, efficient, and secure. For instance, anetwork-accessible storage system can receive and retain potentiallymany versions of backup data for files stored at a client device. Aswell, a network-accessible storage system can serve as a shared filerepository for making a file or files available to more than one clientdevice.

Some data storage systems may perform operations related to datadeduplication. In computing, data deduplication is a specialized datacompression technique for eliminating duplicate copies of repeatingdata. Deduplication techniques may be used to improve storageutilization or network data transfers by effectively reducing the numberof bytes that must be sent or stored. In the deduplication process,unique chunks of data, or byte patterns, are identified and storedduring a process of analysis. As the analysis continues, other chunksare compared to the stored copy and a redundant chunk may be replacedwith a small reference that points to the stored chunk. Given that thesame byte pattern may occur dozens, hundreds, or even thousands oftimes, the amount of data that must be stored or transferred can begreatly reduced. The match frequency may depend at least in part on thechunk size. Different storage systems may employ different chunk sizesor may support variable chunk sizes.

Deduplication differs from standard file compression techniques. Whilestandard file compression techniques typically identify short repeatedsubstrings inside individual files, storage-based data deduplicationinvolves inspecting potentially large volumes of data and identifypotentially large sections—such as entire files or large sections offiles—that are identical, in order to store only one copy of a duplicatesection. In some instances, this copy may be additionally compressed bysingle-file compression techniques. For example, a typical email systemmight contain many instances of the same one megabyte (MB) fileattachment. In conventional backup systems, each time the system isbacked up, all 100 instances of the attachment are saved, requiring 100MB storage space. With data deduplication, the storage space requiredmay be limited to only one instance of the attachment. Subsequentinstances may be referenced back to the saved copy for deduplicationratio of roughly 100 to 1.

SUMMARY

The following presents a simplified summary of the disclosure in orderto provide a basic understanding of certain embodiments of theinvention. This summary is not an extensive overview of the disclosureand it does not identify key/critical elements of the invention ordelineate the scope of the invention. Its sole purpose is to presentsome concepts disclosed herein in a simplified form as a prelude to themore detailed description that is presented later.

In general, certain embodiments of the present invention providemechanisms for transmitting a data stream to a networked storage system.According to various embodiments, a data stream may be parsed toidentify one or more uncompressed data chunks for transmission to anetworked storage system. Each uncompressed data chunk may be compressedto produce a respective compressed data chunk. Each compressed datachunk may be transmitted to the networked storage system via a networkfor storage at the networked storage system.

In some implementations, an amount of available computing resources atthe client device and/or networked storage system may be identified.Also, one or more computing resource availability compression thresholdsmay be identified. Each uncompressed data chunk may be compressed whenthe amount of available computing resources meets or exceeds thecomputing resource availability compression threshold.

In particular embodiments, one or more of the uncompressed data chunksmay be identified via a rolling hash parsing technique operable togenerate at least some identical chunks when parsing different butoverlapping data streams.

According to various embodiments, a respective fingerprint may beidentified for each uncompressed data chunk by applying a hash functionto the uncompressed data chunk. A determination may be made as towhether the uncompressed data chunk is stored at a networked storagesystem by transmitting each fingerprint to the networked storage systemvia the network. The determination may involve receiving a fingerprintstatus message from the networked storage system. The fingerprint statusmessage may indicate whether the chunk associated with the fingerprintis stored at the networked storage system.

In some implementations, a block map update request message includinginformation for updating a block map may be transmitted to the networkedstorage system. The block map may identify a designated memory locationat which each data compressed chunk is stored at the networked storagesystem.

In particular embodiments, each compressed data chunk may be encryptedprior to transmission. Alternately, or additionally, the networkedstorage system may be operable to store deduplicated data based onstorage requests received via the network. The data stream may begenerated at the client device via a network storage protocol such asthe Network File System (NFS) protocol, the Common Internet File System(CIFS) protocol, or the Open Storage (OST) protocol.

BRIEF DESCRIPTION OF THE DRAWINGS

The disclosure may best be understood by reference to the followingdescription taken in conjunction with the accompanying drawings, whichillustrate particular embodiments of the present invention.

FIG. 1 shows an example of a network storage network storagearrangement, arranged in accordance with one or more embodiments.

FIG. 2 illustrates a particular example of a system that can be used inconjunction with the techniques and mechanisms of the present invention.

FIG. 3 illustrates a particular example of a networked storage system,configured in accordance with one or more embodiments

FIG. 4 illustrates an example of a communications protocol interface,configured in accordance with one or more embodiments.

FIG. 5 illustrates an example of a client-side data storage method,performed in accordance with one or more embodiments.

FIG. 6 illustrates a server-side data storage method, performed inaccordance with one or more embodiments.

FIG. 7 illustrates a configuration of data streams, presented inaccordance with one or more embodiments.

FIG. 8 illustrates a client-side data storage method, performed inaccordance with one or more embodiments.

FIG. 9 illustrates a client-side data retrieval method, performed inaccordance with one or more embodiments.

DESCRIPTION OF PARTICULAR EMBODIMENTS

Reference will now be made in detail to some specific examples of theinvention including the best modes contemplated by the inventors forcarrying out the invention. Examples of these specific embodiments areillustrated in the accompanying drawings. While the invention isdescribed in conjunction with these specific embodiments, it will beunderstood that it is not intended to limit the invention to thedescribed embodiments. On the contrary, it is intended to coveralternatives, modifications, and equivalents as may be included withinthe spirit and scope of the invention as defined by the appended claims.

For example, the techniques and mechanisms of the present invention willbe described in the context of particular data storage mechanisms.However, it should be noted that the techniques and mechanisms of thepresent invention apply to a variety of different data storagemechanisms. In the following description, numerous specific details areset forth in order to provide a thorough understanding of the presentinvention. Particular example embodiments of the present invention maybe implemented without some or all of these specific details. In otherinstances, well known process operations have not been described indetail in order not to unnecessarily obscure the present invention.

Various techniques and mechanisms of the present invention willsometimes be described in singular form for clarity. However, it shouldbe noted that some embodiments include multiple iterations of atechnique or multiple instantiations of a mechanism unless notedotherwise. For example, a system uses a processor in a variety ofcontexts. However, it will be appreciated that a system can use multipleprocessors while remaining within the scope of the present inventionunless otherwise noted. Furthermore, the techniques and mechanisms ofthe present invention will sometimes describe a connection between twoentities. It should be noted that a connection between two entities doesnot necessarily mean a direct, unimpeded connection, as a variety ofother entities may reside between the two entities. For example, aprocessor may be connected to memory, but it will be appreciated that avariety of bridges and controllers may reside between the processor andmemory. Consequently, a connection does not necessarily mean a direct,unimpeded connection unless otherwise noted.

Overview

According to various embodiments, techniques and mechanisms describedherein may facilitate sophisticated interactions between a client deviceand a networked storage system. For instance, a customizedimplementation of a communications protocol interface may be used toperform operations such as client-side deduplication. A networkedstorage system may include a parser configured to parse a data streaminto chunks for storage and a fingerprinter configured to determine afingerprint for each of the chunks. The parser may be configured in sucha way that two data streams identical except for offset will be reliablyparsed into the same chunks. The storage of duplicate chunks may beavoided by comparing the fingerprints of new chunks with thefingerprints of chunks already stored at the networked storage system.The storage of duplicate chunks may be avoided by comparing thefingerprints of new chunks with the fingerprints of chunks alreadystored at the networked storage system. The same parser andfingerprinter may also be implemented at a client device incommunication with the networked storage system via a network. Then, theclient device may parse and fingerprint a data stream before sendingdata to the networked storage system to avoid sending chunks alreadystored on the networked storage system. When sufficient computingresources are available at the client device, chunks may be compressedand/or encrypted at the client device prior to transmission to thenetworked storage system.

EXAMPLE EMBODIMENTS

Client devices frequently employ non-proprietary and commonly availablecommunication protocols such as the Network File System (NFS) and theCommon Internet File System (CIFS) to communicate with networked storagesystems. For instance, many common backup software suites are configuredtransmit data over a network through these channels. However, thesestandard communication protocols transmit data “as-is” and performlittle or no optimization at the client device. Various cachingstrategies are employed to increase data transfer performance. However,data-intrinsic strategies are not employed in these file transferprotocols. For instance, these standard communication protocols do notperform client-side deduplication, compression, encryption, or othersuch operations. Thus, many common backup configurations frequently senddata to a networked storage system that is already stored on thenetworked storage system.

Client devices may also employ proprietary communications protocols suchas Open Storage (OST) to communicate with networked storage systems. Forinstance, many common backup software suites are configured transmitdata over a network through these channels. Some proprietarycommunications protocols incorporate proprietary technologies in orderto boost performance. For instance, a client module implementing apropriety communications protocol may implement client-sidededuplication. However, many backup and networked storage solutions arenot configured to use these proprietary communications protocols.Moreover, purchasing backup and networked storage solutions that usethese proprietary communications protocols may be expensive and may lockthe purchaser in to the proprietary protocol.

According to various embodiments, a standard communications protocolinterface for a network communications protocols such as NFS or CIFS maybe supplemented at a client device with custom communications protocolinterface. The custom communications protocol interface may be operableto communicate with other modules at the client device via the standardcommunications protocol. However, the custom communications protocolinterface may include features that facilitate various non-standardinteractions with a networked storage system. For instance, the customcommunications protocol interface may include a parser and/orfingerprinter to facilitate client-side data deduplication.

In particular embodiments, a client device configured to use aparticular communications protocol can enjoy improved performancewithout changing the protocol from the perspective of other modules atthe client device. For example, backup software at the client device maybe configured to access an NFS or CIFS mount point for backup and/orrestore operations. In this example, by transparently using a customcommunications protocol interface that communicates via a standardnon-proprietary communications protocol such as NFS or CIFS, the backupsoftware can continue to communicate via the same protocol. However,performance can potentially be improved by non-standard performanceimprovement techniques implemented in the custom communications protocolinterface.

According to various embodiments, data may be deduplicated at the clientdevice. For instance, a data stream designated for storage on thenetworked storage system may be parsed at the client device using thesame parser that exists on the networked storage device. The parser maybreak the data stream into one or more data chunks, which may befingerprinted using the same fingerprinter that is used at the networkedstorage system. The client device may then consult with the networkedstorage system to determine whether a chunk is already stored at thenetworked storage system before transmitting the chunk over the network.For instance, the client device may communicate with the networkedstorage system via custom communications protocol semantics associatedwith a custom communications protocol.

In particular embodiments, the networked storage system may be operableto compress and/or encrypt chunks stored at the networked storagesystem. The client device may be operable to facilitate this compressionand/or encryption in at least some instances. For example, a clientdevice may compress and/or encrypt a chunk prior to sending it to thenetworked storage system for storage. As another example, the clientdevice may decompress and/or decrypt a chunk retrieved from thenetworked storage system.

In some implementations, the client device may be configured with thesame encryption, decryption, compression, and/or decompressiontechniques employed at the networked storage system. In this way, theclient device or the networked storage system may interchangeablyencrypt, decrypt, compress, or decompress data chunks.

According to various embodiments, the system or device responsible forencrypting, compressing, decrypting, and/or decrypting a chunk may bedynamically determined based on resource availability. For example, theclient device may encrypt, decrypt, compress, and/or decompress chunksif the client device has computing resources such as processor timeand/or memory available and not being used for other tasks. As anotherexample, the client device may encrypt, decrypt, compress, and/ordecompress chunks if the networked storage system is operating under aheavy load and likely to take a considerable length of time to respondto requests.

It should be noted that as used herein, the term encryption is intendedto refer to any type of cryptographic encryption algorithm as well asany type of compression algorithm. Similarly, the term “decryption” isintended to refer to any type of cryptographic decryption algorithm aswell as any type of decompression algorithm.

In particular embodiments, more than one algorithm may be employed. Forinstance, a chunk may be first compressed and then encrypted prior tostorage. Then, when the chunk is retrieved, the chunk may be firstdecrypted and then decompressed.

FIG. 1 shows an example of a network storage arrangement, arranged inaccordance with one or more embodiments. The network storage arrangementshown in FIG. 1 includes a networked storage system 102 in communicationwith client devices 104 and 106 via a network 120. The client devicesare configured to communication with the networked storage system 102via the communications protocol interfaces 114 and 116. The networkedstorage system 102 is configured to process file-related requests fromthe client devices via the virtual file system 102.

According to various embodiments, the client devices and networkedstorage system shown in FIG. 1 may communicate via a network 120. Thenetwork 120 may include any nodes or links for facilitatingcommunication between the end points. For instance, the network 120 mayinclude one or more WANs, LANs, MANs, WLANs, or any other type ofcommunication linkage.

In some implementations, the networked storage system 102 may be anynetwork-accessible device or combination of devices configured to storeinformation received via a communications link. For instance, thenetworked storage system 102 may include one or more DR6000 storageappliances provided by Dell Computer of Round Rock, Tex.

In some embodiments, the networked storage system 102 may be operable toprovide one or more storage-related services in addition to simple filestorage. For instance, the networked storage system 102 may beconfigured to provide deduplication services for data stored on thestorage system. Alternately, or additionally, the networked storagesystem 102 may be configured to provide backup-specific storage servicesfor storing backup data received via a communication link.

According to various embodiments, each of the client devices 104 and 106may be any computing device configured to communicate with the networkedstorage system 102 via a network or other communications link. Forinstance, a client device may be a desktop computer, a laptop computer,another networked storage system, a mobile computing device, or anyother type of computing device. Although FIG. 1 shows two clientdevices, other network storage arrangements may include any number ofclient devices. For instance, corporate networks often include manyclient devices in communication with the same networked storage system.

According to various embodiments, the client devices may communicatewith the networked storage system 102 via the communications protocolinterfaces 114 and 116. Different client devices may employ the samecommunications protocol interface or may employ different communicationsprotocol interfaces. The communications protocol interfaces 114 and 116shown in FIG. 1 may function as channel protocols that include afile-level system of rules for data exchange between computers. Forexample, a communications protocol may support file-related operationssuch as creating a file, opening a file, reading from a file, writing toa file, committing changes made to a file, listing a directory, creatinga directory, etc. Types of communication protocol interfaces that may besupported may include, but are not limited to: Network File System(NFS), Common Internet File System (CIFS), Server Message Block (SMB),Open Storage (OST), Web Distributed Authoring and Versioning (WebDAV),File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP).

In some implementations, a client device may communicate with anetworked storage system using the NFS protocol. NFS is a distributedfile system protocol that allows a client computer to access files overa network in a fashion similar to accessing files stored locally on theclient computer. NFS is an open standard, allowing anyone to implementthe protocol. NFS is considered to be a stateless protocol. A statelessprotocol may be better able to withstand a server failure in a remotestorage location such as the networked storage system 102. NFS alsosupports a two-phased commit approach to data storage. In a two-phasedcommit approach, data is written non-persistently to a storage locationand then committed after a relatively large amount of data is buffered,which may provide improved efficiency relative to some other datastorage techniques.

In some implementations, a client device may communicate with anetworked storage system using the CIFS protocol. CIFS operates as anapplication-layer network protocol. CIFS is provided by Microsoft ofRedmond Wash. and is a stateful protocol.

In some embodiments, a client device may communicate with a networkedstorage system using the OST protocol provided by NetBackup.

In some embodiments, different client devices on the same network maycommunicate via different communication protocol interfaces. Forinstance, one client device may run a Linux-based operating system andcommunicate with a networked storage system via NFS. On the samenetwork, a different client device may run a Windows-based operatingsystem and communicate with the same networked storage system via CIFS.Then, still another client device on the network may employ a NetBackupbackup storage solution and use the OST protocol to communicate with thenetworked storage system 102.

According to various embodiments, the virtual file system layer (VFS)102 is configured to provide an interface for client devices usingpotentially different communications protocol interfaces to interactwith protocol-mandated operations of the networked storage system 102.For instance, the virtual file system 102 may be configured to send andreceive communications via NFS, CIFS, OST or any other appropriateprotocol associated with a client device.

In some implementations, the network storage arrangement shown in FIG. 1may be operable to support a variety of storage-related operations. Forexample, the client device 104 may use the communications protocolinterface 114 to create a file on the networked storage system 112, tostore data to the file, to commit the changes to memory, and to closethe file. As another example, the client device 106 may use thecommunications protocol interface 116 to open a file on the networkedstorage system 102, to read data from the file, and to close the file.

In particular embodiments, a communications protocol interface 114 maybe configured to perform various techniques and operations describedherein. For instance, a customized implementation of an NFS, CIFS, orOST communications protocol interface may allow more sophisticatedinteractions between a client device and a networked storage system.

According to various embodiments, a customized communications protocolinterface may appear to be a standard communications protocol interfacefrom the perspective of the client device. For instance, a customizedcommunications protocol interface for NFS, CIFS, or OST may beconfigured to receive instructions and provide information to othermodules at the client device via standard NFS, CIFS, or OST formats.However, the customized communications protocol interface may beoperable to perform non-standard operations such as a client-side datadeduplication.

FIG. 2 illustrates a particular example of a system that can be used inconjunction with the techniques and mechanisms of the present invention.According to particular example embodiments, a system 200 suitable forimplementing particular embodiments of the present invention includes aprocessor 201, a memory 203, an interface 211, persistent storage 205,and a bus 215 (e.g., a PCI bus). For example, the system 200 may act asa client device such as the client device 104 or the client device 106shown in FIG. 1. When acting under the control of appropriate softwareor firmware, the processor 201 is responsible for such tasks such asgenerating instructions to store or retrieve data on a remote storagesystem. Various specially configured devices can also be used in placeof a processor 201 or in addition to processor 201. The completeimplementation can also be done in custom hardware. The interface 211 istypically configured to send and receive data packets or data segmentsover a network. Particular examples of interfaces the device supportsinclude Ethernet interfaces, frame relay interfaces, cable interfaces,DSL interfaces, token ring interfaces, and the like. Persistent storage205 may include disks, disk arrays, tape devices, solid state storage,etc.

In addition, various very high-speed interfaces may be provided such asfast Ethernet interfaces, Gigabit Ethernet interfaces, ATM interfaces,HSSI interfaces, POS interfaces, FDDI interfaces and the like.Generally, these interfaces may include ports appropriate forcommunication with the appropriate media. In some cases, they may alsoinclude an independent processor and, in some instances, volatile RAM.The independent processors may control such communications intensivetasks as packet switching, media control and management.

According to particular example embodiments, the system 200 uses memory203 to store data and program instructions and maintain a local sidecache. The program instructions may control the operation of anoperating system and/or one or more applications, for example. Thememory or memories may also be configured to store received metadata andbatch requested metadata.

FIG. 3 illustrates an example of a networked storage system 300,configured in accordance with one or more embodiments. The networkedstorage system 300 may be operable to communicate with one or moreclient devices via a network. The communications may be conducted viaone or more communications protocols such as NF S, CIF S, or OST.

The networked storage system 300 includes TCP/IP interfaces 302 and 304in communication with communications protocol interface servers 308,310, and 312 via a bus 306. The communications protocol interfaceservers are configured to facilitate various storage operations bycommunicating with the virtual file system 314. The networked storagesystem 300 includes an NVRAM module 318 configured to temporarily storedata such as file data designated for storage in the storage system 300.The networked storage system 300 also includes a metadata server (MDS)318, a block map 320, a parser 322, a fingerprinter 324, an encryptionmodule 350, and a data store system 326. The data store system isconfigured to manage the data stores 330-342.

At 302, an Internet Protocol (IP) communications interface is shown.According to various embodiments, the IP communications interface 302 isconfigured to send and receive packets based on IP addresses in packetheaders. For instance, the IP communications interface 302 may sendpackets to client devices and receive packets from client devices via anetwork.

In some implementations, the IP communications interface 302 maycommunicate with the TCP communications interface 304. In someimplementations, the TCP communications interface 304 may provide forreliable, ordered, and error-checked delivery of a data stream betweenprograms running on computers connected to a network. For instance, theTCP communications interface 304 may be responsible for ensuring thatpackets reach their destinations and, when necessary, resending packets.

According to various embodiments, a data stream between the storagesystem 300 and a client device may be routed through a communicationsprotocol interface server based on the communications protocol used bythe client device. For instance, each communications protocol interfaceserver may be operable to send and receive communications via a protocolsuch as NFS or CIFS. The storage system 300 includes the communicationsprotocol interface servers 308, 310, and 312. However, implementationsof a storage system may include one, two, three, or any number ofcommunications protocol interface servers. Communications between theTCP/IP interfaces 302 and 304 and the communications protocol interfaceservers 308, 310, and 312 may be transmitted via the bus 306.

In some implementations, each of the communications protocol interfaceservers may be configured to communicate with the virtual file system314. The virtual file system 314 provides an interface between thedifferent communications protocol interface servers and the moreconcrete file system of the storage system 300. For instance, the VFSsupports operations which may include but are not limited to: creating afile, opening a file, reading a directory, making a directory, unlinkingor removing a file, removing a directory, closing a file, syncing orcommitting a change to a file, writing to a file, and reading from afile. Instructions to perform such operations may be received via astandard interface implemented by different communications protocolinterface servers. In this way, an instruction to perform a fileoperation such as creating a file may be transmitted via any of severalprotocols and implemented in a standard way by the virtual file system314.

In some embodiments, the NVRAM staging module 316 may temporarily storedata for any of various purposes. For instance, the NVRAM staging modulemay store data received in write requests from a client device. Then,the data may be written to the data store system 326 when the writerequests are committed or synchronized.

According to various embodiments, the parser 322 may be configured toreceive a stream of data and separate the data into chunks for storagein the data store system 326. The parser 322 may be configured in such away that two data streams identical except for offset will be reliablyparsed into the same chunks. Also, two similar and well-ordered datastreams may be reliably parsed in a similar fashion. In this way, datastreams may be parsed into chunks in a manner likely to frequentlygenerate duplicate chunks when similar data is provided to the parser.Then, the system can employ deduplication techniques to avoid storingduplicate copies of the same data.

Various techniques exist for parsing a data stream into chunks. Inparticular embodiments, the parser may employ a rolling hash techniquesuch as Rabin-Karp. The parser may parse a data stream in incrementssuch as 8 bytes. The hash may be computed in a rolling fashion. When therolling hash is generated, a computed hash value may be compared withone or more criteria to determine whether the computed hash valuequalifies as a chunk boundary. For instance, one criterion may indicatethat a chunk boundary has been reached when the computed hash value is aprime number. The parser may also enforce a minimum and/or maximum chunksize. For example, chunks may be limited in size to between 16 and 48kilobytes. Alternately, different chunk size restrictions may be usedfor different types of data presented. In this way, similar data streamsmay be parsed into similar chunks.

In particular embodiments, different chunks associated with the samefile may be stored at different locations in the data store system 326.Alternately, or additionally, a single chunk may potentially includedata from more than one file. The metadata server (MDS) 318 may maintaininformation about which files are stored on the storage system 318. Theblock map 320 may maintain information about where the chunks associatedwith each file are stored in the data store system 326.

In some embodiments, the metadata server 318 is operable to maintain oneor more namespaces for data stored on the storage system 300. Forinstance, when a file is created, an MDS entry may be created in themetadata server 318. The MDS entry may include the file's name and pointto a block map, which functions similarly to a UNIX system inode. Forinstance, an MDS entry representing a client file in the MDS 318 maypoint to a block map containing several entries in the block map 320.

In some embodiments, the storage system 300 may include a fingerprintersuch as the fingerprinter 324. The fingerprinter 324 may generates afingerprint of a chunk for purposes such as identification anddeduplication. A fingerprint may also be referred to as a hash value ora checksum. For instance, the fingerprinter 324 may compute a hash valueusing a hash function such as MD5, SHA-1, SHA-256, another Secure HashAlgorithm (SHA) hash function, or any other suitable hash function.

According to various embodiments, the block map 320, which functionssimilarly to a UNIX system inode, is operable to maintain entriesindicating the storage locations for data associated with files storedin the storage system 320. Each block map entry may designate a portionof a file that is stored in the chunk. For instance, a block map entrymay designate a file offset that indicates which portion of the file isstored in the chunk. Each block map entry may also designate a datastore ID that identifies a particular data store in the data storesystem 326 where the aforementioned chunk can be found. Each data storemay include one or more chunks.

According to various embodiments, the data store system 326 may beconfigured to store information parsed by the parser 322. Theconfiguration of the data store system 326 may be strategicallydetermined based on the underlying storage technology. For instance, thedata store system 326 may be configured to store data on one or morestorage disks configured in accordance with the Redundant Array ofIndependent Disks (RAID) storage standard.

In particular embodiments, the data store system 326 may include aplurality of data stores, such as the data stores 330-342. In thestorage system 300, only seven data stores are shown. However, thenumber of data stores may depend on factors such as the amount of datastored in the storage system. For instance, data store systems commonlyinclude millions of data stores in a single system.

In some embodiments, each data store may be configured to store one ormore chunks. For example, a data store may be configured to store up toa designated number of chunks, such as 1024. As another example, a datastore may be configured to store up to a designated amount of data, suchas 20 GB. The configuration of the data store parameters may bestrategically determined based on the underlying storage technology.

According to various embodiments, each data store may be associated witha unique identifier. The data store may include a header portion and achunk portion. For instance, the data store 330 includes the headerportion 344 and the chunk portion 346. The chunk portion 346 stores thedata included in the chunks. The header portion stores metadataassociated with the chunks. For instance, the header portion may includeone header entry for each chunk stored in the data store. Each entry mayinclude the chunk fingerprint generated by the fingerprinter 324, theoffset within the data store that indicates where in the data store thechunk is stored. In particular embodiments, the header portion may beindexed to facilitate rapid search.

In some implementations, the networked storage system may include anencryption module such as the encryption module 350. The encryptionmodule may be operable to perform operations such as encryption,decryption, compression, and/or decompression. For example, theencryption module may be configured to encrypted unencrypted chunks forstorage in the data store system 326 and/or decrypt encrypted chunksbefore providing them to a client device. As another example, theencryption module may be configured to compress chunks for storage inthe data system 326 and/or decompress chunks before providing them to aclient device.

FIG. 4 illustrates an example of a communications protocol interface114, configured in accordance with one or more embodiments. Thecommunications protocol interface 114 may be located at a client deviceand configured to facilitate potentially complex interactions betweenthe client device and a remote server such as a networked storagesystem.

According to various embodiments, the communications protocol interface114 includes a client protocol module 402, a parser 404, a fingerprinter406, communications protocol interface logic 408, a server protocolmodule 410, and an encryption module 416. The communications protocolinterface 114 may be communicably coupled with TCP/IP interfaces 412 and414 which may facilitate communications with a remote server. The TCP/IPinterfaces 412 and 414 may be substantially similar to the TCP/IPmodules 302 and 304 discussed with respect to FIG. 3.

In particular embodiments, the communications protocol interface 114 maybe configured to appear to other modules at the client device as aconventional communications protocol interface while at the same timeperforming unconventional tasks such as client-side deduplication. Thecommunications protocol interface 114 may perform such tasks at least inpart by incorporating one or more components similar to those moreconventionally found in a remote server.

According to various embodiments, the communications protocol interface114 may implement a parser and fingerprinter substantially similar tothose present at a networked storage system. Applying the same parsingand fingerprinting techniques at communications protocol interface 114located at the client device may allow for operations such asclient-side deduplication. For instance, rather than blindly sendingdata from the client device to a networked storage system when that datamaybe a duplicate of data already stored at the networked storagesystem, the communications protocol interface may first parse andfingerprint the data. Then, the client device may communicate with thenetworked storage system to determine whether the data needs to be sent.If the data does not need to be sent, then bandwidth may be reduced. Ifthe data does need to be sent, then the data may be stored directly instorage at the networked storage system without necessarily performingserver-side deduplication of the data. In this way, bandwidth usageand/or server-side resources may be conserved.

According to various embodiments, the client protocol module may beconfigured to allow the communications protocol interface 114 tocommunicate with other modules at the client device via a standardcommunications protocol. For instance, a processor at the client devicemay communicate with the communications protocol interface 114 via aprotocol such as CIFS, OST, or NFS. The client protocol module 402 maybe configured to process communications sent and received in suchformats.

According to various embodiments, the parser 404 may be configured toreceive a stream of data and separate the data into chunks for storageat a networked storage system. The parser 404 may be configured in sucha way that two data streams identical except for offset will be reliablyparsed into the same chunks. Also, two similar and well-ordered datastreams may be reliably parsed in a similar fashion. In this way, datastreams may be parsed into chunks in a manner likely to frequentlygenerate duplicate chunks when similar data is provided to the parser.Then, the system can employ deduplication techniques to avoid storingduplicate copies of the same data.

In particular embodiments, the parser 404 is identical to the parser 322implemented at the networked storage system in communication with theclient device. By implementing the same parser at the client device,data can be parsed in the same way at the two devices. For instance, ifthe same data stream were to be parsed at the client-side andserver-side parsers, the chunks that resulted from the different parsingoperations may be identical.

In some embodiments, the fingerprinter 406 may generate a fingerprint ofa chunk for purposes such as identification and deduplication. Afingerprint may also be referred to as a hash value or a checksum. Forinstance, the fingerprinter 406 may compute a hash value using a hashfunction such as MD5 SHA-1, SHA-256, another Secure Hash Algorithm (SHA)hash function, or any other suitable hash function.

In particular embodiments, the fingerprinter 406 is identical to thefingerprinter 324 implemented at a networked storage system incommunication with the client device. By implementing an identicalfingerprinter at the client device, data can be fingerprinted in thesame way at the two devices. For instance, if the same chunks were to befingerprinted at the client-side and server-side fingerprinter, thefingerprints that resulted from the different fingerprinting operationsmay be identical

In some embodiments, the communications protocol interface logic 408 maybe configured with instructions to facilitate various interactionsbetween the client and a server such as a networked storage system. Forinstance, the communications protocol interface logic 408 may beconfigured with computer programming language instructions that governthe operation of the other components of the communications protocolinterface 114. In one example, the communications protocol interfacelogic 408 may be configured to facilitate client-side datadeduplication, as is discussed with respect to FIG. 5.

According to various embodiments, the server protocol module 410 may beoperable to communicate with a remote server such as a networked storagesystem. For instance, the server protocol module 410 may be configuredto communicate using a proprietary protocol. The server protocol module410 may be operable to perform operations such as determining whether achunk having a particular fingerprint is stored at the networked storagesystem. Alternately, or additionally, the server protocol module 410 maybe operable to store information to and/or retrieve information from thenetworked storage system. For example, the server protocol module 410may be equipped for direct memory access at the networked storagesystem.

In some implementations, the networked storage system may include anencryption module such as the encryption module 416. The encryptionmodule may be operable to perform operations such as encryption,decryption, compression, and/or decompression. For example, theencryption module may be configured to encrypted unencrypted chunks fortransmission to the networked storage system and/or decrypt encryptedchunks received from the networked storage system. As another example,the encryption module may be configured to compress chunks fortransmission to the networked storage system and/or decompress chunksreceived from the networked storage system.

In particular embodiments, the encryption module 416 may besubstantially similar to the encryption module 350 shown in FIG. 3. Forinstance, both encryption modules may be configured to perform the sametypes of encryption, decryption, compression, and/or decompression. Inthis way, a chunk may be interchangeably compressed, decompressed,encrypted, or decrypted at the networked storage system and/or theclient device.

FIG. 5 illustrates an example of a client-side data storage method 500,performed in accordance with one or more embodiments. The method 500 maybe performed as part of a procedure in which data is transmitted from aclient device to a networked storage system for storage. The method 500may be performed on a client device, such as the client device 104 shownin FIG. 1.

In particular embodiments, the method 500 may be performed inassociation with a communications protocol interface configured tofacilitate interactions between the client machine and the networkedstorage system. For instance, the method 500 may be performed inassociation with the communications protocol interface 114 shown in FIG.4.

At 502, a request to store data on a networked storage system isreceived. In some embodiments, the request may be received as part of abackup operation. For instance, the client device may initiate therequest in order to store backup data on the networked storage system.Alternately, or additionally, the request may be received as part of anoperation to store data for retrieval by other devices via a network.

According to various embodiments, the request may be generated by aprocessor or other module on the client device. The request may bereceived at a client protocol module such as the module 402 shown inFIG. 4. For instance, the request may conform to a communicationsprotocol for transmitting information via a network, such as a CIFS,OST, or NFS protocol.

In some implementations, the request may identify various metadataassociated with a storage operation. For instance, the request mayinclude one or more headers that identify one or more file names, filesizes, directories, or other such data.

At 504, a data stream associated with the storage request is received.According to various embodiments, the data stream may include datadesignated for storage. For instance, the data stream may include thecontents of one or more files identified in the request received atoperation 502.

In some embodiments, the data stream may be provided in accordance witha communications protocol for transmitting information via a networksuch as CIFS, OST, or NFS. The data stream may be received at a clientprotocol module such as the module 402 shown in FIG. 4.

At 506, one or more chunks are determined by parsing the received datastream. According to various embodiments, the chunks may be determinedby parsing the data stream with the parser 404 shown in FIG. 4. Asdiscussed with respect to FIGS. 3 and 4, the parser may be configured insuch a way that two data streams identical except for offset will bereliably parsed into the same chunks. Also, two similar and well-ordereddata streams may be reliably parsed in a similar fashion. In this way,data streams may be parsed into chunks in a manner likely to frequentlygenerate duplicate chunks when similar data is provided to the parser.

At 508, a fingerprint is determined for each of the chunks. According tovarious embodiments, the fingerprint may be determined by thefingerprinter 406. As discussed with respect to FIGS. 3 and 4, thefingerprint may be a hash value generated using a hash function such asMD5 or SHA-1.

At 510, fingerprint status information from the networked storage systemis retrieved. In some embodiments, the fingerprint status informationmay be retrieved by transmitting the fingerprints determined atoperation 508 to the networked storage system. The fingerprints may besubstantially smaller than the chunks with which they are associated.Thus, transmitting the fingerprints to the networked storage system mayrequire substantially less bandwidth than transmitting the entirechunks.

In particular embodiments, the fingerprints may be transmitted via theserver protocol module 410. The fingerprints may be transmitted as partof a request to the networked storage system to determine whether chunksassociated with the fingerprints are stored at the networked storagesystem. When the request is received, the networked storage system mayprovide a response that indicates which of the chunks are stored on thenetworked storage system and/or which of the chunks are not stored onthe networked storage system. Techniques for providing fingerprintstatus information at the networked storage system are discussed inadditional detail with respect to the method 600 shown in FIG. 6.

At 512, a determination is made for each fingerprint as to whether thefingerprint is associated with a chunk stored at the networked storagesystem. According to various embodiments, the determination may be madeby processing one or more messages received from the networked storagesystem as part of the operation 510.

At 514, the chunk is transmitted to the networked storage system if itis determined that chunk fingerprint is associated with a chunk storedat the network storage device. According to various embodiments, thechunk may be transmitted via the server protocol module 410 shown inFIG. 4. The chunk may be stored at the networked storage system in adata store managed by the data store system 326 shown in FIG. 3.

In particular embodiments, transmitting the chunk to the networkedstorage device may involve encrypting and/or compressing the chunk priorto storage. For instance, a determination may be made as to whethersufficient computing resources exist at the client device to encryptedand/or compress the chunk. Techniques for encrypting and/or compressinga chunk are discussed in further detail with respect to FIG. 8.

At 516, block map update information is transmitted to the networkedstorage system. According to various embodiments, the block map updateinformation may be used for updating a block map such as the block map320 and/or the MDS 318 shown in FIG. 3. The contents of the block mapupdate information may vary based at least in part on the determinationmade at operation 512.

For example, if it is determined that the chunk is already stored on thenetworked storage system, then the block map update information mayinclude new block map and/or MDS entries that point to the existingchunk. In this way, references to the existing chunk are maintained andthe chunk is not unlinked (i.e. deleted) even if other references to thechunk are removed.

As another example, if instead it is determined that the chunk is notalready stored on the networked storage system, then the block mapupdate information may include new block map and/or MDS entries thatpoint to the storage location of the new chunk transmitted at operation514. For instance, the block map entry may include a data store IDassociated with the storage location of the new chunk.

FIG. 6 illustrates a server-side data storage method 600, performed inaccordance with one or more embodiments. The method 600 may be performedat a networked storage system such as the system 102 shown in FIG. 1.The method 600 may be performed in conjunction with the method 500discussed with respect to FIG. 5. For instance, the method 600 may beperformed to facilitate the storage of data at a networked storagesystem, where the data is deduplicated at a client device from which thedata originates.

At 602, a message requesting the status of a fingerprint is received atthe networked storage system. According to various embodiments, therequest message received at operation 602 may include one or morefingerprints that are each associated with a data chunk. The message maybe received from a client device in communication with the networkedstorage system via a network. For instance, the message may betransmitted as part of the information retrieval operation 510 discussedwith respect to FIG. 5.

At 604, a determination is made as to the status for the fingerprintidentified by the request message received at operation 602. Accordingto various embodiments, determining the status of the fingerprint mayinvolve evaluating whether a chunk corresponding with the fingerprint isstored at the networked storage system. The networked storage system maymake this determination by comparing the fingerprint to entries in theblock map 320. The fingerprints stored in the block map 320 may beindexed to facilitate a rapid comparison.

At 606, a fingerprint status message is transmitted to the clientdevice. According to various embodiments, the fingerprint status messagemay indicate whether a chunk associated with the fingerprint is storedat the networked storage system. For instance, the fingerprint statusmessage may indicate the results of the determination made at operation604.

At 608, a determination is made as to whether the fingerprint isassociated with a chunk stored at the networked storage system.According to various embodiments, the determination may be made based onthe status information determined at operation 604.

At 610, if the chunk is not stored at the networked storage system, thechunk may be received from the networked storage system. In particularembodiments, the chunk may be transmitted as discussed with respect tooperation 514 shown in FIG. 5. For instance, the chunk may be receivedvia the TCP/IP interfaces 302 and 304 shown in FIG. 3. Then the VFS 314may route the chunk for storage in a data store governed by the datastore system 326.

At 612, a determination is made as to whether the chunk is encryptedand/or compressed. In some embodiments, a chunk may be encrypted and/orcompressed at the client device, for instance if the client device hassufficient computing resources to encrypt and/or compress the chunk. Thedetermination may be made at least in part by receiving an indicationfrom the client device as to whether the chunk was encrypted and/orcompressed. For instance, when the chunk is transmitted from the clientdevice, the client device may transmit an indication of the encryptionand/or compression status of the chunk along with the chunk itself.

At 614, the chunk is encrypted and/or compressed. According to variousembodiments, the chunk may be encrypted and/or compressed by theencryption module 350 shown in FIG. 3. Any suitable encryption and/orcompression technique may be used. At 616, the chunk is stored.

At 618, block map update information is received from the client device.According to various embodiments, the block map update information maybe generated as discussed with respect to operation 516 shown in FIG. 5.For example, if it is determined that the chunk is already stored on thenetworked storage system, then the block map update information mayinclude new block map and/or MDS entries that point to the existingchunk. In this way, references to the existing chunk are maintained andthe chunk is not unlinked (i.e. deleted) even if other references to thechunk are removed. As another example, if instead it is determined thatthe chunk is not already stored on the networked storage system, thenthe block map update information may include new block map and/or MDSentries that point to the storage location of the new chunk stored atoperation 612. For instance, the block map entry may include a datastore ID associated with the storage location of the new chunk.

At 620, the block map is updated based on the received block map updateinformation. According to various embodiments, updating the block mapmay involve entering the changes identified in operation 614 in theblock map 320 shown in FIG. 3.

FIG. 7 illustrates a configuration of data streams, presented inaccordance with one or more embodiments. FIG. 7 includes data stream A700 and data stream B 750. The data streams are parsed into chunks 708,710, 712, and 714 by a parser. The data streams include a plurality ofdata segments, including data segments 704-710. Each data segment mayrepresent one or more bits, bytes, or any other unit of data size. FIG.7 shows how two similar but not identical data streams may be parsedsimilarly to produce, in at least some instances, at least someidentical chunks.

In some embodiments, a data stream may be parsed by a parser intochunks. The parser may compute a rolling hash function to identify chunkbarriers. For instance, the parser may compute a rolling hash thatincludes the data segment 704. When the hash is computed, it may becompared with one or more boundary condition criteria to determinewhether the parsing of the data stream has reached a chunk boundary. Forinstance, a chunk boundary may be identified when a rolling hash valueis a prime number, is divisible by a designated value, or has some othersuch mathematical property.

In the example shown in FIG. 7, the data segment 704 represents such achunk boundary. Accordingly, the parser draws a boundary, and the databetween the chunk boundary at the data segment 704 and the previouschunk boundary is designated as chunk A 712. The parser continuesparsing the data stream A 700 in this fashion, reaching a new boundaryat the data segment 706 and designating the chunk B1 714, and reachinganother boundary at the data segment 708 and designating the chunk C716.

In the example shown in FIG. 7, the data stream B 750 is similar but notidentical to the data stream A 700. In the data stream B 750, the datasegment 710 has been added. This is a relatively small and specificexample modification for the purpose of illustration. Nevertheless,various types of modifications are possible. For instance, data segmentsmay be added, removed, or altered.

According to various embodiments, a parser may parse the data stream B750 in a manner substantially similar to the parsing of the data streamA 700. For instance, the parser reaches a boundary at the data segment704 and designating the chunk A 712. Then, the parser reaches anotherboundary at the data segment 706 and designates the chunk B2 718.Finally, the parser reaches a boundary at the data segment 708 anddesignates the chunk C 716.

In the example shown in FIG. 7, both data streams include chunk A 712 aswell as chunk C 716. Since the same data is included in these chunks asparsed by both data streams, the fingerprints of these chunks areidentical as well. Thus, if both data streams are stored to adeduplication storage system, only one copy of chunk A 712 and chunk C716 need be stored. In contrast, in the example shown in FIG. 7, chunkB1 714 is different than chunk B2 718. Thus, chunks B1 714 and B2 718will have different fingerprints, and both chunks can be stored in thededuplication storage system.

According to various embodiments, techniques and mechanisms describedherein may facilitate the client-side deduplication of data streams suchas the ones shown in FIG. 7. For instance, if the data stream B 750 isprocessed for writing to a networked storage system after the datastream A 750 has already been written to the networked storage system,then only the data chunk B2 718 need be transmitted from the clientdevice to the networked storage system. In particular embodiments, suchclient-side deduplication may be performed even when data write requestsare provided at the client device via a standard and/or non-proprietarycommunication protocol that does not conventionally support client-sidededuplication.

FIG. 8 illustrates a client-side data storage method 800, performed inaccordance with one or more embodiments. The method 800 may be performedat a client device in communication with a networked storage system. Forinstance, the client device and networked storage system may beconfigured as shown in FIGS. 1-4. The method 800 may be performed whenit is determined that a data chunk needs to be transmitted to thenetworked storage system for storage.

At 802, a request to store a chunk to a networked storage system isreceived. According to various embodiments, the request may be generatedas part of a storage procedure for storing a data stream, a file, orsome other data object to the networked storage system. For instance,the request may be generated as part of the operation 514 shown in FIG.5.

At 804, a determination is made as to an amount of available computingresources. In some embodiments, the computing resources may describeresources available at the client device. Alternately, or additionally,the computing resources may describe resources available at thenetworked storage system. For instance, the client device maycommunicate with the networked storage device to determine whether thenetworked storage device has resources available or is overburdened withtasks such as fielding data storage or retrieval requests.

According to various embodiments, the computing resources may includeany or all resources that may affect or be affected by an encryptionprocess performed at the client device and/or networked storage system.For example, the computing resources may indicate one or more hardwareusage characteristics such as processor usage, memory usage, or storagesystem usage. As another example, the computing resources may indicateone or more network usage characteristics such as a number of storagerequests or an amount of bandwidth usage. As yet another example, thecomputing resources may indicate a level of software usage such as thenumber of software threads being executed by a processor system.

In particular embodiments, the computing resources may indicate anamount of a resource in use, an amount of a resource available, or both.For instance, in the case of processor usage, the resource availabilitydetermined at operation 804 may indicate a percentage of processingpower that is in use and/or a percentage of processing power thatremains available for use.

At 806, a threshold level of computing resources is identified. Inparticular embodiments, the threshold level of computing resources mayindicate one or more conditions under which a chunk is to be designatedfor encryption at the client device or the networked storage system. Forinstance, the threshold level may indicate that a chunk is to bedesignated for encryption at the client device if the client device hasa designated percentage of processing power available and a designatedamount of unused memory available.

In particular embodiments, the threshold level of computing resourcesmay indicate a single threshold value for one type of computing resourcesuch as processor available. Alternately, the threshold level ofcomputing resources or may indicate a combination of threshold valuesfor different types of computing resources, such as processor and memoryavailability.

In some implementations, the threshold level may be strategicallydetermined based on characteristics such as hardware and/or softwareavailable at the client device, the hardware and/or software availableat the networked storage system. The threshold level may be implementedat least in part as an absolute restriction, such as a percentage ofavailable processing power. Alternately, or additionally, the thresholdlevel may be implemented at least in part as a relative restriction. Forinstance, the threshold may be met if the client device has a greaterproportion of available resources than the networked storage system.

At 808, a determination is made as to whether the amount of availableresources exceeds the threshold level. In some embodiments, thedetermination may be made by comparing the resources determined atoperation 804 with the threshold level identified at operation 806.

At 810, the chunk is encrypted at the client device. According tovarious embodiments, the chunk may be encrypted with the encryptionmodule 416 discussed with respect to FIG. 4. Any suitable encryptionand/or compression technique may be used.

At 812, the encrypted chunk is transmitted to the networked storagesystem. At 814, the unencrypted chunk is transmitted to the networkedstorage device. According to various embodiments, the chunk may betransmitted to the networked storage system as discussed with respect tooperation 514.

In particular embodiments, chunk metadata describing the chunk may betransmitted along with the chunk itself. For instance, the chunkmetadata may identify whether the chunk was encrypted at the clientdevice.

FIG. 9 illustrates a client-side data retrieval method 900, performed inaccordance with one or more embodiments. The method 900 may be performedat a client device in communication with a networked storage system, forinstance as shown in FIGS. 1-4. The method 900 may be performed toretrieve data such as a file stored on a networked storage system.

At 902, a request to retrieve a file from a networked storage system isreceived. According to various embodiments, the request may be generatedas part of a retrieval procedure for retrieving a data stream, a file,or some other data object from the networked storage system. Forinstance, the request may be received at the client protocol module 402in the communications protocol interface 114 implemented at a clientdevice.

At 904, a determination is made as to an amount of available computingresources. In some embodiments, the computing resources may describeresources available at the client device. Alternately, or additionally,the computing resources may describe resources available at thenetworked storage system. For instance, the client device maycommunicate with the networked storage device to determine whether thenetworked storage device has resources available or is overburdened withtasks such as fielding data storage or retrieval requests.

According to various embodiments, the computing resources may includeany or all resources that may affect or be affected by a decryptionprocess performed at the client device and/or networked storage system.For example, the computing resources may indicate one or more hardwareusage characteristics such as processor usage, memory usage, or storagesystem usage. As another example, the computing resources may indicateone or more network usage characteristics such as a number of storagerequests or an amount of bandwidth usage. As yet another example, thecomputing resources may indicate a level of software usage such as thenumber of software threads being executed by a processor system.

In particular embodiments, the computing resources may indicate anamount of a resource in use, an amount of a resource available, or both.For instance, in the case of processor usage, the resource availabilitydetermined at operation 904 may indicate a percentage of processingpower that is in use and/or a percentage of processing power thatremains available for use.

In some implementations, the determination of an amount of availablecomputing resources at operation 904 may be similar to the determinationof an amount of available computing resources at operation 804.Alternately, different computing resources may be selected for analysis.For instance, encrypting and/or compressing a data chunk may implicatedifferent combinations of resources than decrypting and/or decompressinga data chunk.

At 906, a threshold level of computing resources is identified. Inparticular embodiments, the threshold level of computing resources mayindicate one or more conditions under which a chunk is to be designatedfor decryption at the client device or the networked storage system. Forinstance, the threshold level may indicate that a chunk is to bedesignated for decryption at the client device if the client device hasa designated percentage of processing power available and a designatedamount of unused memory available.

In particular embodiments, the threshold level of computing resourcesmay indicate a single threshold value for one type of computing resourcesuch as processor available. Alternately, the threshold level ofcomputing resources or may indicate a combination of threshold valuesfor different types of computing resources, such as processor and memoryavailability.

In some implementations, the threshold level may be strategicallydetermined based on characteristics such as hardware and/or softwareavailable at the client device, the hardware and/or software availableat the networked storage system. The threshold level may be implementedat least in part as an absolute restriction, such as a percentage ofavailable processing power. Alternately, or additionally, the thresholdlevel may be implemented at least in part as a relative restriction. Forinstance, the threshold may be met if the client device has a greaterproportion of available resources than the networked storage system.

In some implementations, the identification of a threshold level ofcomputing resources at operation 906 may be similar to the determinationof a threshold level of available computing resources at operation 806.Alternately, different threshold levels may be identified. For instance,encrypting and/or compressing a data chunk may implicate differentcombinations of resources than decrypting and/or decompressing a datachunk.

At 908, a determination is made as to whether the available computingresources exceed the threshold level. In some embodiments, thedetermination may be made by comparing the resources determined atoperation 904 with the threshold level identified at operation 906.

At 910, if it is determined that the available computing resources donot exceed the threshold level, then one or more decrypted chunksassociated with the requested file are retrieved from the networkedstorage system. At 912, if instead it is determined that the availablecomputing resources do exceed the threshold level, then one or moreencrypted chunks associated with the requested file are retrieved fromthe networked storage system.

According to various embodiments, a chunk may be retrieved from thenetworked storage system by transmitting a message identifying the chunkto the networked storage system along with a request to receive theidentified chunk. The message may include a request that the networkedstorage system decrypted the identified chunk prior to transmission.Alternately, the message may include a request that the networkedstorage system transmit an encrypted chunk.

At 914, the encrypted chunks are decrypted at the client device.According to various embodiments, the chunk may be decrypted with theencryption module 416 discussed with respect to FIG. 4. Any suitabledecryption and/or compression technique may be used. For instance, thedecryption and/or decompression techniques may reverse the encryptionand/or compression performed as discussed with respect to operation 810discussed with respect to FIG. 8.

According to various embodiments, providing the requested file at theclient device may involve combining the encrypted or decompressed chunksto produce a file. For instance, the networked storage system maytransmit chunk file offset information for use in ordering andpositioning chunks within a file. The file that is composed of thedifferent chunks may then be provided as a data stream over a bus toanother module at the client device such as a memory location, apersistent storage module, or a processor.

According to various embodiments, the computing resources may be checkedperiodically, at scheduled times, or upon request. In the method 900,the availability of computing resources is checked before retrieving atfile. However, the availability of computing resources may be checkedbefore retrieving each chunk, before retrieving a data stream includingmore than one file, before or after retrieving a designated amount ofdata, before or after retrieving a designated number of chunks, or atany other interval.

Because various information and program instructions may be employed toimplement the systems/methods described herein, the present inventionrelates to non-transitory machine readable media that include programinstructions, state information, etc. for performing various operationsdescribed herein. Examples of machine-readable media include hard disks,floppy disks, magnetic tape, optical media such as CD-ROM disks andDVDs; magneto-optical media such as optical disks, and hardware devicesthat are specially configured to store and perform program instructions,such as read-only memory devices (ROM) and programmable read-only memorydevices (PROMs). Examples of program instructions include both machinecode, such as produced by a compiler, and files containing higher levelcode that may be executed by the computer using an interpreter.

Although many of the components and processes are described above in thesingular for convenience, it will be appreciated by one of skill in theart that multiple components and repeated processes can also be used topractice the techniques of the present invention.

While the invention has been particularly shown and described withreference to specific embodiments thereof, it will be understood bythose skilled in the art that changes in the form and details of thedisclosed embodiments may be made without departing from the spirit orscope of the invention. It is therefore intended that the invention beinterpreted to include all variations and equivalents that fall withinthe true spirit and scope of the present invention.

What is claimed is:
 1. A method comprising: at a client devicecomprising a processor and memory, parsing a data stream to identify oneor more uncompressed data chunks for transmission to a networked storagesystem; compressing each uncompressed data chunk to produce a respectivecompressed data chunk; and transmitting each compressed data chunk tothe networked storage system via a network for storage at the networkedstorage system.